On Fri, 27 Jan 2023 12:07:32 -0500 Mike Gulick <mgul...@mathworks.com> wrote:
> Package: systemd
> Version: 247.3-7+deb11u1
> Severity: normal
> X-Debbugs-Cc: mgul...@mathworks.com
>
> Dear Maintainer,
>
> Systemd creates a few users and groups on first boot via systemd-sysusers
> (e.g. systemd-timesync, systemd-coredump). These users are created with UIDs
> and GIDs starting from 999, working downwards. However systemd still creates
> users in this range even when SYS_UID_{MIN,MAX} and SYS_GID_{MIN,MAX} are set in
> /etc/login.defs (as well as the relevant settings in /etc/adduser.conf).
> Starting with systemd 247, systemd does provide an option to respect
> /etc/login.defs for auto-generated UIDs, however that feature must be enabled
> via the compile-time option '-Dcompat-mutable-uid-boundaries=true', which Debian
> does not currently do. This feature was added to systemd via this pull request:
> https://github.com/systemd/systemd/pull/17172.
>
> At my organization, we have some unix accounts that are > 20 years old, and some
> of the old UIDs and GIDs are in the 100-999 range. These can't be easily
> renumbered as this would cause NFS permission issues (there are *many* file
> servers). To work around this, we configure our systems to use a higher ID
> range (30000) for system UIDs and GIDs, however systemd on Debian does not
> currently respect this configuration. It's easy enough to renumber these
> auto-created accounts since there aren't many and they don't own any files in
> the filesystem, but it would be nice if systemd created them with the right
> UID/GID in the first place.
>
> FYI I looked at the rpm SPEC for RHEL9 and it looks like it has this feature
> enabled, so that gives some confidence that it is stable.
>
> Thanks,
> Mike
This is very much a legacy compat feature flag, and in general I'd like to remove as many of these as possible, rather than adding them...

Michael, what do you think?

-- 
Kind regards,
Luca Boccassi
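
An added example, not part of the bug report or of systemd: a Python check that reads the SYS_UID/SYS_GID bounds from login.defs text and lists the systemd- accounts in passwd text that fall outside them, which is the state the report describes. The sample file contents, the 30000-30999 range and the `systemd-` name filter are constructed assumptions.

```python
import re

# Constructed sample inputs (not taken from a real host).
LOGIN_DEFS = """\
# system account ranges moved out of the legacy 100-999 block
SYS_UID_MIN   30000
SYS_UID_MAX   30999
SYS_GID_MIN   30000   # trailing comments are tolerated
SYS_GID_MAX   30999
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
systemd-timesync:x:999:999:systemd Time Synchronization:/:/usr/sbin/nologin
systemd-coredump:x:998:998:systemd Core Dumper:/:/usr/sbin/nologin
systemd-network:x:30002:30002:constructed in-range entry:/:/usr/sbin/nologin
"""

def parse_login_defs(text):
    """Return the decimal SYS_{UID,GID}_{MIN,MAX} values set in login.defs text."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s*(SYS_[UG]ID_(?:MIN|MAX))\s+(\d+)\s*(?:#.*)?$", line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values

def misplaced_accounts(passwd_text, defs, prefix="systemd-"):
    """Return [(name, uid, gid)] for prefix-matching accounts outside the ranges.

    Assumes all four SYS_* keys are present in defs (KeyError otherwise).
    """
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[0].startswith(prefix):
            continue
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        uid_ok = defs["SYS_UID_MIN"] <= uid <= defs["SYS_UID_MAX"]
        gid_ok = defs["SYS_GID_MIN"] <= gid <= defs["SYS_GID_MAX"]
        if not (uid_ok and gid_ok):
            found.append((name, uid, gid))
    return found

if __name__ == "__main__":
    for name, uid, gid in misplaced_accounts(PASSWD, parse_login_defs(LOGIN_DEFS)):
        print(f"{name}: uid={uid} gid={gid} is outside the configured system range")
```

On a real host the two strings would be replaced with the contents of /etc/login.defs and /etc/passwd.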